- 547656 CVE-2009-3626 perl: regexp matcher crash on invalid UTF-8
characters - 549306 version::Internals should be packaged in perl-version subpackage
This commit is contained in:
parent
9b1e909266
commit
bff7e1b43d
87
perl-5.10.1-CVE_2009_3626.patch
Normal file
87
perl-5.10.1-CVE_2009_3626.patch
Normal file
@ -0,0 +1,87 @@
|
|||||||
|
diff -up perl-5.10.1/ext/re/t/regop.t.git perl-5.10.1/ext/re/t/regop.t
|
||||||
|
--- perl-5.10.1/ext/re/t/regop.t.git 2009-12-21 19:31:07.564141841 +0100
|
||||||
|
+++ perl-5.10.1/ext/re/t/regop.t 2009-12-21 19:31:55.158142088 +0100
|
||||||
|
@@ -233,12 +233,12 @@ anchored "ABC" at 0
|
||||||
|
#Freeing REx: "(\\.COM|\\.EXE|\\.BAT|\\.CMD|\\.VBS|\\.VBE|\\.JS|\\.JSE|\\."......
|
||||||
|
%MATCHED%
|
||||||
|
floating ""$ at 3..4 (checking floating)
|
||||||
|
-1:1[1] 3:2[1] 5:2[64] 45:83[1] 47:84[1] 48:85[0]
|
||||||
|
-stclass EXACTF <.> minlen 3
|
||||||
|
-Found floating substr ""$ at offset 30...
|
||||||
|
-Does not contradict STCLASS...
|
||||||
|
-Guessed: match at offset 26
|
||||||
|
-Matching stclass EXACTF <.> against ".exe"
|
||||||
|
+#1:1[1] 3:2[1] 5:2[64] 45:83[1] 47:84[1] 48:85[0]
|
||||||
|
+#stclass EXACTF <.> minlen 3
|
||||||
|
+#Found floating substr ""$ at offset 30...
|
||||||
|
+#Does not contradict STCLASS...
|
||||||
|
+#Guessed: match at offset 26
|
||||||
|
+#Matching stclass EXACTF <.> against ".exe"
|
||||||
|
---
|
||||||
|
#Compiling REx "[q]"
|
||||||
|
#size 12 nodes Got 100 bytes for offset annotations.
|
||||||
|
@@ -258,4 +258,4 @@ Got 100 bytes for offset annotations.
|
||||||
|
Offsets: [12]
|
||||||
|
1:1[3] 3:4[0]
|
||||||
|
%MATCHED%
|
||||||
|
-Freeing REx: "[q]"
|
||||||
|
\ No newline at end of file
|
||||||
|
+Freeing REx: "[q]"
|
||||||
|
diff -up perl-5.10.1/regcomp.c.git perl-5.10.1/regcomp.c
|
||||||
|
--- perl-5.10.1/regcomp.c.git 2009-12-21 19:32:05.893141719 +0100
|
||||||
|
+++ perl-5.10.1/regcomp.c 2009-12-21 19:33:35.106141384 +0100
|
||||||
|
@@ -2820,13 +2820,16 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
/*
|
||||||
|
- Currently we assume that the trie can handle unicode and ascii
|
||||||
|
- matches fold cased matches. If this proves true then the following
|
||||||
|
- define will prevent tries in this situation.
|
||||||
|
-
|
||||||
|
- #define TRIE_TYPE_IS_SAFE (UTF || optype==EXACT)
|
||||||
|
-*/
|
||||||
|
+ Currently we do not believe that the trie logic can
|
||||||
|
+ handle case insensitive matching properly when the
|
||||||
|
+ pattern is not unicode (thus forcing unicode semantics).
|
||||||
|
+ If/when this is fixed the following define can be swapped
|
||||||
|
+ in below to fully enable trie logic.
|
||||||
|
#define TRIE_TYPE_IS_SAFE 1
|
||||||
|
+
|
||||||
|
+*/
|
||||||
|
+#define TRIE_TYPE_IS_SAFE (UTF || optype==EXACT)
|
||||||
|
+
|
||||||
|
if ( last && TRIE_TYPE_IS_SAFE ) {
|
||||||
|
make_trie( pRExC_state,
|
||||||
|
startbranch, first, cur, tail, count,
|
||||||
|
diff -up perl-5.10.1/regexec.c.git perl-5.10.1/regexec.c
|
||||||
|
--- perl-5.10.1/regexec.c.git 2009-12-21 19:33:50.570141632 +0100
|
||||||
|
+++ perl-5.10.1/regexec.c 2009-12-21 19:36:41.300142175 +0100
|
||||||
|
@@ -1006,16 +1006,15 @@ Perl_re_intuit_start(pTHX_ REGEXP * cons
|
||||||
|
|
||||||
|
#define REXEC_TRIE_READ_CHAR(trie_type, trie, widecharmap, uc, uscan, len, \
|
||||||
|
uvc, charid, foldlen, foldbuf, uniflags) STMT_START { \
|
||||||
|
- UV uvc_unfolded = 0; \
|
||||||
|
switch (trie_type) { \
|
||||||
|
case trie_utf8_fold: \
|
||||||
|
if ( foldlen>0 ) { \
|
||||||
|
- uvc_unfolded = uvc = utf8n_to_uvuni( uscan, UTF8_MAXLEN, &len, uniflags ); \
|
||||||
|
+ uvc = utf8n_to_uvuni( uscan, UTF8_MAXLEN, &len, uniflags ); \
|
||||||
|
foldlen -= len; \
|
||||||
|
uscan += len; \
|
||||||
|
len=0; \
|
||||||
|
} else { \
|
||||||
|
- uvc_unfolded = uvc = utf8n_to_uvuni( (U8*)uc, UTF8_MAXLEN, &len, uniflags ); \
|
||||||
|
+ uvc = utf8n_to_uvuni( (U8*)uc, UTF8_MAXLEN, &len, uniflags ); \
|
||||||
|
uvc = to_uni_fold( uvc, foldbuf, &foldlen ); \
|
||||||
|
foldlen -= UNISKIP( uvc ); \
|
||||||
|
uscan = foldbuf + UNISKIP( uvc ); \
|
||||||
|
@@ -1054,9 +1053,6 @@ uvc, charid, foldlen, foldbuf, uniflags)
|
||||||
|
charid = (U16)SvIV(*svpp); \
|
||||||
|
} \
|
||||||
|
} \
|
||||||
|
- if (!charid && trie_type == trie_utf8_fold && !UTF) { \
|
||||||
|
- charid = trie->charmap[uvc_unfolded]; \
|
||||||
|
- } \
|
||||||
|
} STMT_END
|
||||||
|
|
||||||
|
#define REXEC_FBC_EXACTISH_CHECK(CoNd) \
|
10
perl.spec
10
perl.spec
@ -7,7 +7,7 @@
|
|||||||
|
|
||||||
Name: perl
|
Name: perl
|
||||||
Version: %{perl_version}
|
Version: %{perl_version}
|
||||||
Release: 107%{?dist}
|
Release: 108%{?dist}
|
||||||
Epoch: %{perl_epoch}
|
Epoch: %{perl_epoch}
|
||||||
Summary: Practical Extraction and Report Language
|
Summary: Practical Extraction and Report Language
|
||||||
Group: Development/Languages
|
Group: Development/Languages
|
||||||
@ -65,6 +65,9 @@ Patch61: perl-much-better-swap-logic.patch
|
|||||||
# temporarily export debug symbols even though DEBUGGING is not set:
|
# temporarily export debug symbols even though DEBUGGING is not set:
|
||||||
Patch62: perl-add-symbols.patch
|
Patch62: perl-add-symbols.patch
|
||||||
|
|
||||||
|
# CVE_2009_3626 rhbz#547656
|
||||||
|
Patch63: perl-5.10.1-CVE_2009_3626.patch
|
||||||
|
|
||||||
# version macros for some of the modules:
|
# version macros for some of the modules:
|
||||||
%define Archive_Extract_version 0.34
|
%define Archive_Extract_version 0.34
|
||||||
%define Archive_Tar_version 1.52
|
%define Archive_Tar_version 1.52
|
||||||
@ -918,6 +921,7 @@ upstream tarball from perl.org.
|
|||||||
%patch58 -p1
|
%patch58 -p1
|
||||||
%patch61 -p1
|
%patch61 -p1
|
||||||
%patch62 -p1
|
%patch62 -p1
|
||||||
|
%patch63 -p1
|
||||||
|
|
||||||
#patch100 -p1
|
#patch100 -p1
|
||||||
#patch101 -p1
|
#patch101 -p1
|
||||||
@ -1854,6 +1858,10 @@ make test
|
|||||||
|
|
||||||
# Old changelog entries are preserved in CVS.
|
# Old changelog entries are preserved in CVS.
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Dec 22 2009 Marcela Mašláňová <mmaslano@redhat.com> - 4:5.10.1-108
|
||||||
|
- 547656 CVE-2009-3626 perl: regexp matcher crash on invalid UTF-8 characters
|
||||||
|
- 549306 version::Internals should be packaged in perl-version subpackage
|
||||||
|
|
||||||
* Mon Dec 21 2009 Chris Weyl <cweyl@alumni.drew.edu> - 4:5.10.1-107
|
* Mon Dec 21 2009 Chris Weyl <cweyl@alumni.drew.edu> - 4:5.10.1-107
|
||||||
- subpackage parent and Parse-CPAN-Meta; add them to core's dep list
|
- subpackage parent and Parse-CPAN-Meta; add them to core's dep list
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user